• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.230-233
• /
• 2014

Latest Inforamtion security threats and risks change very rapidly, and there to strengthen the security level of the major companies and organizations are diversified attack to respond to a penetration test conducted. Penetration test(PenTest) is safer for the purpose of looking for vulnerabilities in computer systems by taking advantage of vulnerabilities discovered in the same way as a hacker attack. How to make a security vulnerability could be exploited by attempting to attack show. On the other hand, many security companies are testing in a variety of ways to be penetrated. However, penetration testing to evaluate the strength and reliability has not performed yet. Therefore, in this study, Penetration testing to validate and present a reliable method of evaluation. In this study, penetration testing, assessment information to provide the evaluation results are more reliable. And, as a result, efficient penetration test is expected to be possible.

• Journal of Information Technology Applications and Management
• /
• v.26 no.2
• /
• pp.27-40
• /
• 2019

As reliance on information and communication becomes widespread, a variety of information dysfunctions such as hacking, viruses, and the infringement of personal information are also occurring. Korean adolescents are especially exposed to an environment in which they are experiencing information dysfunction. In addition, youth cybercrimes are steadily occurring. To prevent cybercrime and the damage caused by information dysfunction, information security practices are essential. Accordingly, the purpose of this study is to discuss the factors affecting the information security practices of Korean youths, considering information security education, perceived severity, and perceived vulnerability as leading factors of the theory of planned behavior. A questionnaire survey was administered to 118 middle and high school students. Results of the hypothesis test show that information security education affects perceived behavior control, and perceived severity affects attitude. Subjective norms, information security attitudes, and perceived behavioral control were found to influence adolescents' practices of information security. However, perceived vulnerabilities did not affect youths' information security attitudes. This study confirms that information security education can help youths to practice information security. In other words, information security education is important, and it is a necessary element in the information curriculum of contemporary youth. However, perceived vulnerability to youth information security threats did not affect information security attitudes. Consequently, we suggest that it is necessary to strengthen the contents of the information security education for Korean youths.

• Korean Security Journal
• /
• no.62
• /
• pp.205-221
• /
• 2020

The purpose of this study was to examine the effects of emotional labor on fatigue in regular private participation of sports workers, and to provide basic data to improve the welfare and working environment of private security guards, the core of private security industry. The survey response of 260 private security guards was used as the final analysis data, and the following conclusions were drawn through statistical tests of factor analysis, t-test, correlation analysis, and multiple regression analysis using the SPSS Windows 18.0 statistical program. First, the private security guards who regularly participate in sports showed lower sub-variability of fatigue, physical, exhaustion, and nervous system fatigue than private security guards who did not participate in sports. Second, it was found that fatigue was lower as the inner variables became higher, and that as the surface behavior became higher, the fatigue factor was lower. In conclusion, regular exercise participation can reduce emotional labor and improve fatigue of civil security personnel.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.5
• /
• pp.945-950
• /
• 2017

Due to the vulnerability of the software, there is a hacking attack on the country's cyber infrastructure and real financial assets. Software is an integral part of the operating system and execution system that controls and operates Internet information provision, cyber financial settlement and cyber infrastructures. Analyzing these software vulnerabilities and enhancing security will enhance the security of cyber infrastructures and enhance the security of actual life in the actual country and people. Software development security system analysis and software development Security diagnosis analysis and research for enhancing security of software vulnerability. In addition, we will develop a textbook for the training of software vulnerability diagnosis and maintenance education, develop pilot test problems, pilot test of diagnostic staff, The purpose of this study is to enhance the software security of the cyber infrastructures of national and national life by presenting curriculum and diagnosis guide to train the software vulnerability examiner.

• Convergence Security Journal
• /
• v.21 no.1
• /
• pp.45-53
• /
• 2021

When the security monitoring system is performed in a separation network, there is little normal anomaly detection in internal networks or high-risk sections. Therefore, after the establishment of the security network, a model is needed to evaluate state-of-the-art cyber threat anomalies for internal network in separation network to complete the optimized security structure. In this study, We evaluate it by generating datasets of cyber vulnerabilities and malicious code arising from general and separation networks, It prepare for the latest cyber vulnerabilities in internal network cyber attacks to analyze threats, and established a cyber security test evaluation system that fits the characteristics. The study designed an evaluation model that can be applied to actual separation network institutions, and constructed a test data set for each situation and applied a real-time security assessment model.

• Journal of National Security and Military Science
• /
• s.8
• /
• pp.383-420
• /
• 2010

This article is focusing on the improvement of weapon system test & evaluation, aimed at the weapon system in the research development stage. This article suggests improvement directions in three aspects(organization and system, skilled manpower and technology, test facilities of weapon system test & evaluation) as follows. 1) Weapon system test & evaluation organization and system a. Establishment of comprehensive test & evaluation system b. Making regulation for comprehensive test infrastructure management. c. Standardization of test & evaluation process, which can be used in special subject to army, navy and air force. 2) Skilled manpower and technology of weapon system test & evaluation a. Training & education, management of test & evaluation experts. b. Establishment of skill management system of test & evaluation. 3) Test facilities of weapon system test & evaluation a. Establishment of comprehensive improvement direction of test & evaluation installation and equipment. b. Consideration of counter measures to prevent overlapping investment, and to use the test & evaluation resources efficiently. c. Establishment of organic network for the effective use of test & evaluation installation and equipment. d. Establishment of detailed cooperation plan for the commonage of test & evaluation facility and equipment.

• The Transactions of The Korean Institute of Electrical Engineers
• /
• v.61 no.8
• /
• pp.1186-1192
• /
• 2012

In Jeju Smart Grid field test, Zigbee technology is being used as one of customer side solutions for AMI. Although Zigbee networks that provides effective connectivity and control among devices are advantages in ease of implementation and use, the data can be exposed to cyber attacks such as eavesdrop, unauthorized data dissemination and forgery. Currently authentication and confidentiality services are provided with the network and link keys generated based on public key pairs that are pre-installed in offline. However, the network is vulnerable once a hacker intrudes into a local network because operation and management policies for the generated keys are not well-established yet. In this paper, the vulnerability of the Zigbee security system in the customer side environment of Jeju Smart Grid field test is analyzed. Then, two-way authentication with the unique identifiers of devices and user-specific group management policies are proposed to resolve the vulnerability.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2019.01a
• /
• pp.355-356
• /
• 2019

글로벌 게임 시장 규모가 전년 대비 13.3% 늘어나고 국내 게임 시장 규모도 전년 대비 6.2%로 증가되고 있는 것이 현재 게임 산업의 현황이다. 그러나 이에 반해 게임을 향한 해킹 공격도 지금 이 순간에도 지능화되고 횟수 역시 기하급수적으로 늘어가는 것도 현 게임 산업의 실태이다. 본 논문에서는 게임을 기반으로 게임 사용자들의 중요한 데이터를 탈취하고 피해를 막기 위해서 좀 더 다른 시각에서 게임 해킹을 방어할 수 있는 방법으로 사이버 보안 테스트를 이용하여 현재 게임 사이트의 보안상태를 점검하고 개선할 수 있는 방법을 제시한다.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.21 no.2
• /
• pp.15-26
• /
• 2021

Recently, as the introduction of cloud, mobile, and IoT has become active, there is a growing need for technology development that can supplement the limitations of traditional security solutions based on fixed perimeters such as firewalls and Network Access Control (NAC). In response to this, SDP (Software Defined Perimeter) has recently emerged as a new base technology. Unlike existing security technologies, SDP can sets security boundaries (install Gateway S/W) regardless of the location of the protected resources (servers, IoT gateways, etc.) and neutralize most of the network-based hacking attacks that are becoming increasingly sofiscated. In particular, SDP is regarded as a security technology suitable for the cloud and IoT fields. In this study, a new access control system was proposed by combining SDP and hash tree-based large-scale data high-speed signature technology. Through the process authentication function using large-scale data high-speed signature technology, it prevents the threat of unknown malware intruding into the endpoint in advance, and implements a kernel-level security technology that makes it impossible for user-level attacks during the backup and recovery of major data. As a result, endpoint security, which is a weak part of SDP, has been strengthened. The proposed system was developed as a prototype, and the performance test was completed through a test of an authorized testing agency (TTA V&V Test). The SDP-based access control solution is a technology with high potential that can be used in smart car security.

• Convergence Security Journal
• /
• v.16 no.1
• /
• pp.13-21
• /
• 2016

At the present moment when around 60 years have passed after the introduction of private security, there are security instructor and protection specialist guard as government official recognition qualification. This study discussed problems of secondary performance test system among qualification certification items which have been implement ed as government official recognition qualification since 2013. Current qualification certification for protection specialist guard is composed of primary academic test and secondary performance test. Since it is estimated that it is high time to increase clients' satisfaction and public reliability through strict qualification certification for protection specialist guard. Following improvement plans are intended to suggest. First, it is a plan to divide and diversify difficulties of performance test evaluation events. Second, it is a plan to diversify evaluation criteria of performance test. Third, it is a plan to make criteria for selecting specialized performance test evaluation committee. Fourth, it is a new plan of exclusion system to avoid any relation between performance test evaluation committee and applicants. In this respect, institutional improvement should be followed in order to improve specialty of qualification certification of performance test system for protection specialist guard.